o sDie0@sdZddlmZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%m&Z&e rvdd l'm(Z(dd l)m*Z*dZ+dddZ,eGdddZ-d ddZ.dS)!z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)Lock_async_create_lock)AsyncConnection)MongoCredentialF credentialsraddresstuple[str, int]return_OIDCAuthenticatorcCs|jjr|jjS|j}|j}|jdurFd}|j}|D]}||dkr%d}q|dr7|d|ddr7d}q|sFtd|dd|t ||d|j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar#mechanism_propertieshuman_callback allowed_hosts startswithendswithrr!)rrprincipal_namer$foundr)pattr/\/home/alumno/antzosa8961/venv/lib/python3.10/site-packages/pymongo/asynchronous/auth_oidc.py_get_authenticator1s&   r1c@s$eZdZUded<ded<eddZded<eddZded <eddZd ed <ed dZd ed<e s=ee dZ ded<n ee dZ ded<ed dZ ded<d=ddZ d=ddZd>ddZd?d!d"Zd=d#d$Zd@d%d&ZdAd)d*ZdBd.d/ZdCd1d2ZdDd4d5Zd?d6d7ZdEd9d:ZdFd;d<ZdS)Gr!strr#rr$N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryrlockzthreading.Lockfloatlast_call_timeconnrr Optional[Mapping[str, Any]]cs4|||jjr||IdHS||IdHS)z(Handle a reauthenticate from the server.N) _invalidater$callback_authenticate_machine_authenticate_human)selfr>r/r/r0reauthenticate]s  z!_OIDCAuthenticator.reauthenticatecsZ|j}|r|r|j}|r|dr|j|_|S|jjr%||IdHS||IdHS)z'Handle an initial authenticate request.doneN) auth_ctxspeculate_succeededspeculative_authenticater9oidc_token_gen_idr$rArBrC)rDr>ctxrespr/r/r0 authenticatefs  z_OIDCAuthenticator.authenticate"Optional[MutableMapping[str, Any]]cCs|jsdS|d|jiS)z-Get the appropriate speculative auth command.Njwt)r6_get_start_command)rDr/r/r0get_spec_auth_cmdxsz$_OIDCAuthenticator.get_spec_auth_cmdMapping[str, Any]c sl|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww||IdHSN)r6_sasl_start_jwtr_is_auth_errorrB)rDr>er/r/r0rB~s z(_OIDCAuthenticator._authenticate_machinec s|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww|jr^z ||IdHWSty]}z||rXd|_||IdHWYd}~Sd}~ww|d}|||IdH}|||IdHSrS) r6rTrrUrCr5rP _run_command_sasl_continue_jwt)rDr>rVcmd start_respr/r/r0rCs.    z&_OIDCAuthenticator._authenticate_humanc s|j}|jdu}|r|jdurdS|jr|j}|jr|j}|j}|r%|S|dur-|s-dS|s|dur|j4IdH|j}||krN|WdIdHSt|j}|tkrct t|IdHt|_|rtt }|jdussJnt t pyt}t|t|j|j|jjd}tst d|j|IdH} n||} t| tstdt| | j|_| j|_|jd7_WdIdH|jS1IdHswY|jS)N)timeout_secondsversionr5r7r#z8Callback result must be of type OIDCCallbackResult, not r")r$r(r7rAr6r;timer=rasynciosleeprr8r rrr r5r#_IS_SYNCget_running_looprun_in_executorfetch isinstancer ValueErrortyper9) rDr$is_humancb prev_token new_tokendeltatimeoutcontextrLr/r/r0_get_access_tokensb       %%z$_OIDCAuthenticator._get_access_tokenrYMutableMapping[str, Any]c sJz |jd|ddIdHWSty$}z ||r||d}~ww)Nz $externalT) no_reauth)commandrrUr@)rDr>rYrVr/r/r0rWs  z_OIDCAuthenticator._run_commanderr ExceptionboolcCst|tsdS|jtkS)NF)rdrcoder)rDrrr/r/r0rUs  z!_OIDCAuthenticator._is_auth_errorNonecCs*|jpd}|dur||jkrdSd|_dS)Nr)rJr9r6)rDr>r9r/r/r0r@s  z_OIDCAuthenticator._invalidaterZcsld|_d|_t|d}d|vrtdi||_|IdH}|j|_| d|i|}| ||IdHS)NpayloadissuerrOr/) r6r5bsondecoderr7rnr9rJ_get_continue_commandrW)rDr>rZ start_payloadr6rYr/r/r0rXsz%_OIDCAuthenticator._sasl_continue_jwtcs8|IdH}|j|_|d|i}|||IdHS)NrO)rnr9rJrPrW)rDr>r6rYr/r/r0rTs z"_OIDCAuthenticator._sasl_start_jwtrwcCs:|dur|j}|rd|i}ni}tt|}dd|dS)Nnr"z MONGODB-OIDC) saslStart mechanismrw)r#r ryencode)rDrwr, bin_payloadr/r/r0rPs  z%_OIDCAuthenticator._get_start_commandcCstt|}d||ddS)Nr"conversationId) saslContinuerwr)r ryr)rDrwrZrr/r/r0r{s z(_OIDCAuthenticator._get_continue_command)r>rr r?)r rN)r>rr rR)r r4)r>rrYror rR)rrrsr rt)r>rr rv)r>rrZrRr rR)rwr?r ro)rwrRrZrRr ro)__name__ __module__ __qualname____annotations__rr5r6r7r9r`rr;r=rErMrQrBrCrnrWrUr@rXrTrPr{r/r/r/r0r!Ns0      ! =    r>rrErtr?cs2t||j}|r||IdHS||IdHS)z Authenticate using MONGODB-OIDC.N)r1rrErM)rr>rE authenticatorr/r/r0_authenticate_oidc)s  r)rrrrr r!)rrr>rrErtr r?)/__doc__ __future__rr^ threadingr] dataclassesrrtypingrrrrr r ry bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedr rrrrrrrrpymongo.errorsrrpymongo.helpers_sharedr pymongo.lockrrpymongo.asynchronous.poolrpymongo.auth_sharedrr`r1r!rr/r/r/r0s.    ,    [